Configuring Ipsec For Ripng - HPE Moonshot 45Gc Security Configuration Manual


[SwitchB-ipsec-policy-isakmp-use1-10] quit
# Apply the IPsec policy use1 to interface VLAN-interface 1.
[SwitchB] interface vlan-interface 1
[SwitchB-Vlan-interface1] ipsec apply policy use1
Verifying the configuration
# Initiate a connection from Switch A to Switch B to trigger the IKE negotiation. After IPsec SAs are
successfully negotiated by IKE, the traffic between the two switches is IPsec protected.

Configuring IPsec for RIPng

Network requirements
As shown in Figure 88, Switch A, Switch B, and Switch C learn IPv6 routes through RIPng.
Establish an IPsec tunnel between the switches to protect the RIPng packets transmitted in between.
Specify the security protocol as ESP, the encryption algorithm as 128-bit AES, and the authentication
algorithm as HMAC-SHA1 for the IPsec tunnel.
Figure 88 Network diagram
Requirements analysis
To meet the network requirements, perform the following tasks:
1. Configure basic RIPng.
   For more information about RIPng configurations, see Layer 3—IP Routing Configuration Guide.
2. Configure an IPsec profile.
   The IPsec profiles on all the switches must have IPsec transform sets that use the same
   security protocol, authentication and encryption algorithms, and encapsulation mode.
   The SPI and key configured for the inbound SA and those for the outbound SA must be the
   same on each switch.
   The SPI and key configured for the SAs on all the switches must be the same.
3. Apply the IPsec profile to a RIPng process or to an interface.
Configuration procedure
1. Configure Switch A:
   # Configure IPv6 addresses for interfaces. (Details not shown.)
   # Configure basic RIPng.
   <SwitchA> system-view
   [SwitchA] ripng 1
   [SwitchA-ripng-1] quit
   [SwitchA] interface vlan-interface 100
   [SwitchA-Vlan-interface100] ripng 1 enable
   [SwitchA-Vlan-interface100] quit
   # Create and configure the IPsec transform set named tran1.
   [SwitchA] ipsec transform-set tran1
   [SwitchA-ipsec-transform-set-tran1] encapsulation-mode transport
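The matching rules in the requirements analysis above (identical transform-set settings on every switch, inbound SPI and key equal to the outbound ones, and the same SPI and key across all switches) can be checked offline against saved configurations. The following Python check is an added example, not part of the HPE manual; the sample configurations are constructed, and every command line in them other than ipsec transform-set and encapsulation-mode is assumed Comware-style syntax, as are the names profile001 and EXAMPLE-KEY.

```python
import re

# Constructed sample configs (not from the manual). Lines other than
# "ipsec transform-set" and "encapsulation-mode" assume Comware-style syntax.
BASE = """\
ipsec transform-set tran1
 encapsulation-mode transport
 protocol esp
 esp encryption-algorithm aes-cbc-128
 esp authentication-algorithm sha1
ipsec profile profile001 manual
 transform-set tran1
 sa spi inbound esp 123456
 sa spi outbound esp 123456
 sa string-key inbound esp simple EXAMPLE-KEY
 sa string-key outbound esp simple EXAMPLE-KEY
"""
# SwitchC is deliberately wrong: different outbound SPI, tunnel mode.
SAMPLE = {"SwitchA": BASE, "SwitchB": BASE,
          "SwitchC": BASE.replace("outbound esp 123456", "outbound esp 654321")
                         .replace("mode transport", "mode tunnel")}
TSET_RE = (r"(protocol|encapsulation-mode|esp encryption-algorithm"
           r"|esp authentication-algorithm) (\S+)")

def parse(cfg):
    """Return (transform-set settings, per-direction SPI, per-direction key)."""
    tset, spi, key = {}, {}, {}
    for line in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"sa spi (inbound|outbound) esp (\d+)", line):
            spi[m[1]] = int(m[2])
        elif m := re.fullmatch(r"sa string-key (inbound|outbound) esp \S+ (\S+)", line):
            key[m[1]] = m[2]
        elif m := re.fullmatch(TSET_RE, line):
            tset[m[1]] = m[2]
    return tset, spi, key

def check(configs):
    """List violations of the matching rules; key values are never reported."""
    issues, parsed = [], {n: parse(c) for n, c in configs.items()}
    ref_name, (ref_tset, ref_spi, ref_key) = next(iter(parsed.items()))
    for name, (tset, spi, key) in parsed.items():
        if spi.get("inbound") != spi.get("outbound"):
            issues.append(f"{name}: inbound/outbound SPI differ")
        if key.get("inbound") != key.get("outbound"):
            issues.append(f"{name}: inbound/outbound key differ")
        if tset != ref_tset:
            issues.append(f"{name}: transform set differs from {ref_name}")
        if (spi, key) != (ref_spi, ref_key):
            issues.append(f"{name}: SPI/key differ from {ref_name}")
    return issues
```

Calling check(SAMPLE) reports three findings, all for SwitchC; the first switch in the mapping is used as the reference for the cross-switch comparison.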
